|
hello all
I do this code in db but parse gives me this error "input string not in the correct format" when I leave the parsed field blank (textBox2.Text)
"Insert INTO test (Name,age,address) Values('"+textBox1.Text+"','"+decimal.Parse(textBox2.Text)+"','"+textBox3.Text+"
Regards
haytham
|
|
|
|
|
This is what I mean by string concatenation. Don't EVER do this! Use parameterized queries instead. What you're doing now results in goofy errors you have trouble nailing down and also REALLY opens your code up for SQL injection attacks. For examples, check out the SqlParameter class.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
The Decimal type can't parse an empty string. It's as invalid a decimal as "Frank" is.
Either make sure you're only dealing with valid values in the TextBox before you parse it or catch the FormatException that will be thrown otherwise. You'll get better performance validating the input, though.
By the way, when Dave Kreskowiak asked you about using string concatenation to build your SQL statement a few posts down, this is what he meant.
A much better way is to use parameters in your query. The exact syntax varies from provider to provider, but here's an example:
OleDbCommand command = new OleDbCommand("Insert INTO test (Name,age,address) Values(?, ?, ?)");
command.Parameters.Add(new OleDbParameter("Name", _name));
command.Parameters.Add(new OleDbParameter("Age", _age));
command.Parameters.Add(new OleDbParameter("Address", _address));
Charlie
if(!curlies){ return; }
|
|
|
|
|
Hello Charlie,
Thanks for your help...
I tried this code but it gives the same error
SqlConnection cnn = new SqlConnection();
cnn.ConnectionString = "workstation id=SERVER;packet size=4096;integrated security=SSPI;data source=SERVER;persist security info=True;initial catalog=TestDB";
SqlCommand cmd = new SqlCommand("Insert INTO test (Name,age,address) Values(@Name,@age,@address)");

cmd.Parameters.Add(new SqlParameter("@Name",SqlDbType.VarChar));
cmd.Parameters["@Name"].Value = textBox1.Text;

cmd.Parameters.Add(new SqlParameter("@age",SqlDbType.Decimal));
cmd.Parameters["@age"].Value = decimal.Parse(textBox2.Text.Trim());

cmd.Parameters.Add(new SqlParameter("@address",SqlDbType.VarChar));
cmd.Parameters["@address"].Value = textBox3.Text;

cnn.Open();
cmd.ExecuteNonQuery();
cnn.Close();
please help
Thanks
|
|
|
|
|
You still have the same error in your code:
decimal.Parse(textBox2.Text.Trim());
decimal.Parse will throw a FormatException when the parameter is a blank string. Test for a blank string before the call to this method.
|
|
|
|
|
OK, but I need to make some fields required and some fields not required. The problem is in the fields that are not required, when the user leaves them blank.
How can I solve this problem?
regards
Hay
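An added example (not part of the original thread) of one way to handle the optional field discussed above: a blank age becomes SQL NULL, a non-numeric age is rejected, and every value travels as a parameter. The helper and class names, the column sizes, a nullable age column and .NET Framework 4 or later are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class OptionalFieldDemo
{
    // Hypothetical helper: blank optional input becomes SQL NULL; anything
    // else must parse as a decimal or the input is rejected.
    static bool TryGetOptionalDecimal(string text, out object value)
    {
        value = DBNull.Value;
        if (string.IsNullOrWhiteSpace(text)) return true;   // optional, left blank
        decimal parsed;
        if (!decimal.TryParse(text.Trim(), NumberStyles.Number,
                              CultureInfo.CurrentCulture, out parsed))
            return false;                                    // e.g. "Frank"
        value = parsed;
        return true;
    }

    static SqlCommand BuildInsert(string name, string ageText, string address)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Name is required.");
        object age;
        if (!TryGetOptionalDecimal(ageText, out age))
            throw new ArgumentException("Age must be a number or blank.");

        // Column sizes (50, 200) are assumed; match them to the real table.
        var cmd = new SqlCommand(
            "INSERT INTO test (Name, age, address) VALUES (@Name, @age, @address)");
        cmd.Parameters.Add("@Name", SqlDbType.VarChar, 50).Value = name.Trim();
        cmd.Parameters.Add("@age", SqlDbType.Decimal).Value = age;
        cmd.Parameters.Add("@address", SqlDbType.VarChar, 200).Value =
            string.IsNullOrWhiteSpace(address) ? (object)DBNull.Value : address.Trim();
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: age left blank, name containing a quote.
        using (SqlCommand cmd = BuildInsert("O'Brien", "", "12 Example Road"))
        {
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName,
                    p.Value is DBNull ? "NULL" : p.Value);
        }
    }
}
```

To run the insert, assign an open SqlConnection to cmd.Connection before calling ExecuteNonQuery.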
|
|
|
|
|
What I want to do is read some information from a text file straight into an Access database,
but I can't find any examples. Can anyone help with
some code or a site with that information?
thx
|
|
|
|
|
I'm not sure, but Access should be able to use the ADO libs. If so, it's just a matter of using the ADO connection to insert a string into the DB.
// DS and WorkID are variables holding the data source and workstation id
this.SQLConn.ConnectionString = "data source=" + DS + "; initial catalog=Cat; integrated security=true; persist security info=False; workstation id=" + WorkID + "; packet size=4096";
SQLConn.Open();
if(SQLConn.State == ConnectionState.Open)
{
    //insert data
}
As far as reading a file, use StreamReader: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemiostreamreaderclassctortopic2.asp
Ronald Hahn, CNT - Computer Engineering Technologist
New Technologies Analyst
HahnTech Affiliated With Code Constructors
Edmonton, Alberta, Canada
Email: rhahn82@telus.net
|
|
|
|
|
hi all,
I am programming forms that insert data from a form into a database table, and I never made any field required in the database or in code, but I always get the exception "input string not in a correct format" until I fill in all the fields, required and not required.
Please help
haytham
|
|
|
|
|
Are you sure that your SQL sentence is well created? It must be a problem in your code, once creating the SQL string. I think it is not a problem with the DB and the required fields.
Why don't you post a piece of your code (where you create the SQL sentence)? With this information it will be difficult to help you (almost for me).
Bye!
"Catalonia is not Spain"
|
|
|
|
|
I'll bet money you're using string concatenation to build your SQL statement, aren't you?
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
Hello
Thanks for your reply ...
I do not understand what you mean. Please make it simple and please give me an example.
thanks
|
|
|
|
|
It means you're adding strings together to build an SQL statement. Something like this:
string mySqlStatement = "SELECT * FROM someTable WHERE parm1=" + parm1.ToString() + " AND parm2='" + parm2TextBox.Text + "'";
Don't EVER do this. Use parameterized queries instead.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I always do it like this and it always works!
Why don't you suggest that he do it?
Bye!
"Catalonia is not Spain"
|
|
|
|
|
Sure it works, but it's SO vulnerable it's almost funny! Consider the following code:
string mySQLStatement = "select count(*) from users where userName='" + userName.Text + "' and userPass='" + userPassword.Text + "'";
Now, if the attacker enters:
Username: ' OR 1=1 --
Password: anything
The SQL statement becomes:
SELECT COUNT(*) FROM Users WHERE username='' OR 1=1 --' AND userpass='anything'
Well, in SQL syntax, two consecutive dashes in a row (--) are a comment, just like // in C++ or C# is a comment, or ' in VB. So your real SQL statement now looks like:
SELECT COUNT(*) FROM Users WHERE username='' OR 1=1
The result from the SQL statement will always be the number of records in the table, never 0.
Search the web for "SQL Injection Attacks" to find out more and see lots of examples of how to break cheap code like this.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
Very interesting... I didn't know anything about it. And which is the correct solution?
I'm developing a Windows Forms application (not an ASP.NET application). Can SQL injection attacks be done to my application, or is it only a problem of webs?
Bye!
"Catalonia is not Spain"
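An added example (not part of the original thread) placing the concatenated login query from the post above beside a parameterized form, using the input quoted in that post. The class name and the VarChar(50) column sizes are assumptions; where the strings come from (Windows Forms or a web page) makes no difference to either form.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // The concatenated form from the post: input becomes part of the SQL text.
    static string BuildConcatenated(string userName, string password)
    {
        return "select count(*) from users where userName='" + userName +
               "' and userPass='" + password + "'";
    }

    // Parameterized form: the SQL text is a constant; input travels separately
    // as typed values and is never parsed as SQL.
    static SqlCommand BuildParameterized(string userName, string password)
    {
        var cmd = new SqlCommand(
            "select count(*) from users where userName=@userName and userPass=@userPass");
        // Sizes are assumed; match them to the real columns.
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 50).Value = userName;
        cmd.Parameters.Add("@userPass", SqlDbType.VarChar, 50).Value = password;
        return cmd;
    }

    static void Main()
    {
        // Input taken from the post above.
        string user = "' OR 1=1 --", pass = "anything";

        // The WHERE clause is rewritten by the input.
        Console.WriteLine("Concatenated: " + BuildConcatenated(user, pass));

        using (SqlCommand cmd = BuildParameterized(user, pass))
        {
            // The statement text is unchanged; the quote and dashes stay data.
            Console.WriteLine("Parameterized text: " + cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  {0} ({1}) = [{2}]",
                    p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

With the parameterized command, the server compares userName against the literal string ' OR 1=1 -- and the count is 0 unless such a user exists.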
|
|
|
|
|
I've looked 'round and haven't found much of anything helpful on the subject. how do I create a key in the registry with a certain value?
in my case,
key: GroupPolicyRefreshTime
value: 00000001
it will be located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Policies\Microsoft\Windows\System
I'm sure it isn't hard, I just don't know how to code it exactly. Thank you so much for the help. Plus, I really don't have time to be reading an entire article.
|
|
|
|
|
|
Go here[^] And scroll down to Trick 6: Windows Registry and you
That's it. It will take 5 minutes to copy-paste and start working.
Salil Khedkar [^]
|
|
|
|
|
|
Hello,
I have a problem using the PrinterSettings property. I am trying to get what the user enters in the PrintDialog...
private void mnuPrint_Click(object sender, System.EventArgs e)
{
    System.Drawing.Printing.PrinterSettings settings = new PrinterSettings();
    printDoc.DefaultPageSettings = pgSettings;
    dlgPrint.Document = printDoc;
    if (dlgPrint.ShowDialog() == DialogResult.OK)
    {
        settings = dlgPrint.PrinterSettings;
        printDoc.Print();
    }
}
Then, when I try to read the values in settings, it doesn't get what the user entered. For example, if I put:
short a = settings.Copies;
a will equal 1, even if i entered 5 copies in the PrintDialog. If anyone can tell me how to get the PrinterSettings the user entered. It would be greatly appreciated.
Thanks
|
|
|
|
|
System.Drawing.Printing.PrinterSettings pr=new System.Drawing.Printing.PrinterSettings();
PrintDialog dia=new PrintDialog();
dia.PrinterSettings=pr;
short a=0;
if(dia.ShowDialog()==DialogResult.OK)
{
    a=pr.Copies;
}
MessageBox.Show(a.ToString());
Sreejith Nair
[ My Articles ]
|
|
|
|
|
Hi there,
Thank you for your reply. Unfortunately, it still doesn't work.
I found what the problem was. After spending a lot of time searching about this silly problem, I found this:
http://support.microsoft.com/kb/331134
So, i guess that this is my problem (I am on Framework 1.0)
Anyways, thanks for your help!
Hugo
|
|
|
|
|
I created a form without title bar named frmNoTitle. I set up the form properties like:
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.ControlBox = false;
this.MaximizeBox = false;
this.MinimizeBox = false;
In the main MDI form, I have a menu to open this frmNoTitle form. I add the following code in the menu's click event:
frmNoTitle frm=new frmNoTitle ();
frm.MdiParent=this;
frm.Show();
This works fine except that I noticed the frmNoTitle form's title bar (min, max, close buttons) flashes for a very, very short time, then disappears.
It looks like the program displays the form title bar first, then makes it invisible.
How I can get rid of it?
TIA
|
|
|
|